omero-integration
Fail
Audited by Gen Agent Trust Hub on Feb 16, 2026
Risk Level: HIGH (PROMPT_INJECTION, COMMAND_EXECUTION)
Full Analysis
- Indirect Prompt Injection (HIGH): This skill presents a significant attack surface by processing potentially attacker-controlled content from an OMERO server. Evidence:
  1. Ingestion points: data_access.md (getObject/getObjects) and metadata.md (annotations/tags).
  2. Boundary markers: Absent in provided documentation and code snippets.
  3. Capability inventory: metadata.md (writing annotations), scripts.md (creating server-side scripts), and advanced.md (deleting objects).
  4. Sanitization: No input validation or sanitization routines are documented for handled data.
- Dynamic Execution (MEDIUM): The skill documents the use of the OMERO.scripts framework in references/scripts.md, which allows for server-side processing. If an agent generates or modifies these scripts based on untrusted external data, it could lead to arbitrary code execution on the OMERO server.
- Credentials Handling (LOW): The skill handles sensitive authentication credentials (username and password). While the documentation recommends best practices such as environment variables, the inherent handling of these secrets by the agent requires careful management to prevent accidental logging or exposure.
Recommendations
- AI detected serious security threats